EFFECTIVE RISK MANAGEMENT IN DECISION MAKING PROCESS March 2019
Return Risk Uncertainty
Plan Management Control
Identification Control Assess Mitigate Risk Management Evaluation Mitigate Prioritizing Report
IMPACT VS. LIKELIHOOD Threat Level Medium High Critical Medium Low Medium High Low Low Medium High Likelihood High Impact
EXPOSURE TO RISK
INHERENT RISK VS. RESIDUAL RISK
QUANTITATIVE RISK ASSESSMENT
WHICH HAS THE HIGHEST RISK?
Event | Potential Exposure | Likelihood | Expected Exposure
Minor Penetration | $1,000 | 80% | $800,000
Unauthorized Viewing of Data | $50,000 | 35% | $17,500,000
Unauthorized Altering of Data | $2,000,000 | 1% | $20,000
PRESENT IN DASHBOARD
STRATEGIES FOR RISK RESPONSE Cost-Benefit Analysis ACCEPT AVOID TRANSFER MITIGATE
DECISION MAKING PROCESS
Business Risk
Collect Data • Input & Output • Historical Results
What could go wrong?
Analyze Data • Profitability • Available Resources
Analyze Data • Scenario Analysis • Sensitivity Analysis • Cost vs. Benefit
Take Decision • Strategy • Objectives
Take Decision • Lowest Risk • Highest Return
RISK CATEGORIES IT Cyber Security Regulatory Legal & & Compliance Financial Operational Reputational Strategic & Societal Business
TECHNOLOGY RISKS Security Availability Technology Risk Infrastructure Compliance
STEPS IN RISK MANAGEMENT
Identify Risks: Cause, Results
Analyze Risks: Determine Likelihood, Determine Consequences
Evaluate Risks: Impact, Prioritize
Treat Risks: Accept, Avoid, Transfer, Mitigate
Monitor Risks: Key Risk Indicators, Reporting